<?php
/*
+-----------------------------------------------------------------------------+
| $Id: forbid_ip.php 2010-05-24 12:37:44Z Bleakwind $
| Manage forbid ip
| Copyright (c) 2003-2010 Bleakwind (www.weaverdream.com)
| http://www.weaverdream.com/
| Release under the GNU Lesser General Public License Version 3 (LGPLv3):
|   http://www.gnu.org/licenses/lgpl.html
+-----------------------------------------------------------------------------+
*/

if (!defined( 'ENTRY_INDEX')){
    echo "<h1>Forbidden</h1><p>You don't have permission to access on this server.</p>";
    exit;
}

if($sys->get['ope'] == "add"){
    if ( $sys->post['ip1'] == "" ||
         $sys->post['ip2'] == "" ||
         $sys->post['ip3'] == "" ||
         $sys->post['ip4'] == "" ||
         $sys->post['time_begin'] == "" ||
         $sys->post['time_end'] == "" ){
        $sys->prompt("failed","IP,和到期时间必须填写!<!-- ip*,time_begin,time_end empty -->");
    } elseif (!preg_match("/^[0-9\*]{1,3}$/",$sys->post['ip1']) 
        || !preg_match("/^[0-9\*]{1,3}$/",$sys->post['ip2'])
        || !preg_match("/^[0-9\*]{1,3}$/",$sys->post['ip3'])
        || !preg_match("/^[0-9\*]{1,3}$/",$sys->post['ip4'])){
        $sys->prompt("failed","ip格式错误,ip只能为3位内数字!<!-- ip error -->");
    }else{
        $sys->post['ip1'] = $sys->post['ip1'] == "*" ? $sys->post['ip1'] : (int)$sys->post['ip1'];
        $sys->post['ip2'] = $sys->post['ip2'] == "*" ? $sys->post['ip2'] : (int)$sys->post['ip2'];
        $sys->post['ip3'] = $sys->post['ip3'] == "*" ? $sys->post['ip3'] : (int)$sys->post['ip3'];
        $sys->post['ip4'] = $sys->post['ip4'] == "*" ? $sys->post['ip4'] : (int)$sys->post['ip4'];
        $myip = explode(".", $sys->ip);
        if (($sys->post['ip1'] == $myip[0] || $sys->post['ip1'] == "*") 
            && ($sys->post['ip2'] == $myip[1] || $sys->post['ip2'] == "*")
            && ($sys->post['ip3'] == $myip[2] || $sys->post['ip3'] == "*")
            && ($sys->post['ip4'] == $myip[3] || $sys->post['ip4'] == "*")) {
            $sys->prompt("failed","您的IP在屏蔽范围内,屏蔽无法成功操作!<!-- myip in -->");
        } else {
            if ($sys->post['time_begin'] != "0") {
                $sys->post['time_begin'] = strtotime($sys->post['time_begin']);
            }
            if ($sys->post['time_end'] != "0") {
                $sys->post['time_end'] = strtotime($sys->post['time_end']);
            }
            $result_ip  = func::db_count_record(DB_TABLE_FORBID_IP, "ip1 = '".$sys->post['ip1']."' AND ip2 = '".$sys->post['ip2']."' AND ip3 = '".$sys->post['ip3']."' AND ip4 = '".$sys->post['ip4']."'");
            if ($result_ip > 0) {
                $sql = "UPDATE ".DB_TABLE_FORBID_IP." SET
                            ip1             ='".addslashes($sys->post['ip1'])."',
                            ip2             ='".addslashes($sys->post['ip2'])."',
                            ip3             ='".addslashes($sys->post['ip3'])."',
                            ip4             ='".addslashes($sys->post['ip4'])."',
                            time_created    ='".addslashes($sys->nowtime)."',
                            time_begin      ='".addslashes($sys->post['time_begin'])."',
                            time_end        ='".addslashes($sys->post['time_end'])."',
                            admin_id        ='".addslashes($ADMIN['mid'])."'
                        WHERE ip1 = '".$sys->post['ip1']."' AND ip2 = '".$sys->post['ip2']."' AND ip3 = '".$sys->post['ip3']."' AND ip4 = '".$sys->post['ip4']."'";
            } else {
                $sql = "INSERT ".DB_TABLE_FORBID_IP." SET
                            ip1             ='".addslashes($sys->post['ip1'])."',
                            ip2             ='".addslashes($sys->post['ip2'])."',
                            ip3             ='".addslashes($sys->post['ip3'])."',
                            ip4             ='".addslashes($sys->post['ip4'])."',
                            time_created    ='".addslashes($sys->nowtime)."',
                            time_begin      ='".addslashes($sys->post['time_begin'])."',
                            time_end        ='".addslashes($sys->post['time_end'])."',
                            admin_id        ='".addslashes($ADMIN['mid'])."'";
            }
            $result_ip = $db->Execute($sql);
            if (!$result_ip) {
                echo $db->ErrorMsg();
            } 
            $sys->prompt("jump",$CONFIGURE['common']['control_admin']."?act=forbid_ip");
        }
    }

}elseif($sys->get['ope'] == "del"){

    if ( $sys->get['ip1'] == "" ||
         $sys->get['ip2'] == "" ||
         $sys->get['ip3'] == "" ||
         $sys->get['ip4'] == ""){
        $sys->prompt("failed","IP格式错误!<!-- ip* error -->");
    }else{
        $sys->get['ip1'] = $sys->get['ip1'] == "*" ? $sys->get['ip1'] : (int)$sys->get['ip1'];
        $sys->get['ip2'] = $sys->get['ip2'] == "*" ? $sys->get['ip2'] : (int)$sys->get['ip2'];
        $sys->get['ip3'] = $sys->get['ip3'] == "*" ? $sys->get['ip3'] : (int)$sys->get['ip3'];
        $sys->get['ip4'] = $sys->get['ip4'] == "*" ? $sys->get['ip4'] : (int)$sys->get['ip4'];
        $sql = "DELETE FROM ".DB_TABLE_FORBID_IP."
                WHERE ip1 = '".$sys->get['ip1']."' AND ip2 = '".$sys->get['ip2']."' AND ip3 = '".$sys->get['ip3']."' AND ip4 = '".$sys->get['ip4']."'";
        $result = $db->Execute($sql);
        if (!$result) {
            echo $db->ErrorMsg();
        }
    }
    $sys->prompt("jump",$CONFIGURE['common']['control_admin']."?act=forbid_ip");

}else{
    $forbid_ip_list = array();
    $sql = "SELECT forbid_ip.*, member.id as member_id, member.username as member_username
            FROM ".DB_TABLE_FORBID_IP." forbid_ip
                LEFT JOIN ".DB_TABLE_MEMBER." member ON member.id=forbid_ip.admin_id
            ORDER BY forbid_ip.time_created DESC";
    $result = &$db->Execute($sql);
    if (!$result) {
        echo $db->ErrorMsg();
    } else {
        while (!$result->EOF) {
            $forbid_ip_list[] = array(
                'ip1'               => $result->fields['ip1'],
                'ip2'               => $result->fields['ip2'],
                'ip3'               => $result->fields['ip3'],
                'ip4'               => $result->fields['ip4'],
                'time_created'      => $result->fields['time_created'],
                'time_begin'        => $result->fields['time_begin'],
                'time_end'          => $result->fields['time_end'],
                'admin_id'          => $result->fields['admin_id'],

                'member_id'         => $result->fields['member_id'],
                'member_username'   => $result->fields['member_username'],
            );
            $result->MoveNext();
        }
    }
    $t->assign(array(
        "forbid_ip_list"   => $forbid_ip_list,
    ));
}
?>
